in order to avoid having people working on the same thing.
Current list:
-* Try to use _gnutls_hash_fast() and _gnutls_hmac_fast() where
- possible. Especially when hashing/hmacing records. This would
- allow direct usage of CPU or chip acceleration, which do not
- typically allow multiple hashes.
+* Add DTLS 1.2 support (RFC6347)
+* Added heartbeat support (http://tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat-04)
* Add certificate image support (see RFC3709, RFC6170)
* Perform signature calculation in PKCS #11 using not plain
RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc.
That will allow the usage of more secure tokens that do not
allow plain RSA.
-* Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
- against, similarly to NSS way.
-* Support replacing individual algorithms via a PKCS #11 module -
- maybe use p11-kit for that.
* Support PKCS#8 AES and DES-MD5 (tests/enc3pkcs8.pem) encrypted keys.
-* Implement TLS-PSK with PKCS #11.
+ (openssl seems to use DES-MD5 to encrypt keys by default)
* Add support for generating empty CRLs
* Document the format for the supported DN attributes.
* Audit the code
+- Implement TLS-PSK with PKCS #11.
+- Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
+ against, similarly to NSS way.
+- Support replacing individual algorithms via a PKCS #11 module -
+ maybe use p11-kit for that.
- Add function to extract the signers of an openpgp key. Should
be similar to gnutls_x509_crt_get_dn_oid().
- Add function to verify an openpgp key against a plain key.